CVE-2009-0258

EUVD-2022-2917
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
typo3typo3
4.0
typo3typo3
4.0.1
typo3typo3
4.0.2
typo3typo3
4.0.3
typo3typo3
4.0.4
typo3typo3
4.0.5
typo3typo3
4.0.6
typo3typo3
4.0.7
typo3typo3
4.0.8
typo3typo3
4.0.9
typo3typo3
4.1.0
typo3typo3
4.1.0:beta1
typo3typo3
4.1.0:rc1
typo3typo3
4.1.1
typo3typo3
4.1.2
typo3typo3
4.1.3
typo3typo3
4.1.4
typo3typo3
4.1.5
typo3typo3
4.1.6
typo3typo3
4.1.7
typo3typo3
4.2.0
typo3typo3
4.2.1
typo3typo3
4.2.2
typo3typo3
4.2.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
typo3-src
105
103
105
103
105
103
105
103
110
111
110
111
110
111
110
111
110
111
110
111
110
111
110
111
110
111
Common Weakness Enumeration
References
http://secunia.com/advisories/33617
http://secunia.com/advisories/33679
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
http://www.debian.org/security/2009/dsa-1711
http://www.openwall.com/lists/oss-security/2009/01/23/4
http://www.securityfocus.com/bid/33376
https://exchange.xforce.ibmcloud.com/vulnerabilities/48138
http://secunia.com/advisories/33617
http://secunia.com/advisories/33679
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
http://www.debian.org/security/2009/dsa-1711
http://www.openwall.com/lists/oss-security/2009/01/23/4
http://www.securityfocus.com/bid/33376
https://exchange.xforce.ibmcloud.com/vulnerabilities/48138